Tag: cve

sbom-cve-check updates: integrated in Yocto 6.0 Wrynose, Schneider Electric support, new releases, and more

sbom-cve-checkBack in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Since the announcement, we have announced a number of updates and new releases, but work has continued, and we have several new updates to share about sbom-cve-check.

Continue reading “sbom-cve-check updates: integrated in Yocto 6.0 Wrynose, Schneider Electric support, new releases, and more”

sbom-cve-check v1.2.0 released

sbom-cve-checkWe are pleased to announce the release of sbom-cve-check v1.2.0, which focuses on offline usability, improved SPDX 3.0 support, and more flexible export options.

For the record, sbom-cve-check is a lightweight, standalone and easy-to-use tool that parses Software Bill Of Materials (SBOM) files and using publicly available databases of security vulnerabilities (CVEs), provides a report detailing which software components are affected by known security vulnerabilities. sbom-cve-check is developed and maintained by Bootlin engineer Benjamin Robin.

In the next sections we will describe the major updates brought by this 1.2.0 release.

Continue reading “sbom-cve-check v1.2.0 released”

sbom-cve-check updates: new release, meta-sbom-cve-check, possible Yocto integration, FOSDEM talk

sbom-cve-checkBack in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).

Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.

Continue reading “sbom-cve-check updates: new release, meta-sbom-cve-check, possible Yocto integration, FOSDEM talk”

Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM

sbom-cve-checkToday, we are happy to announce the first release of a brand new open-source project: sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Written in Python, with minimal dependencies, and a very simple workflow in mind, sbom-cve-check will parse your SBOM (SPDX v2.2 or SPDX v3.0 currently supported), and using publicly available databases of security vulnerabilities, will generate a report of known security vulnerabilities affecting the software components listed in your SBOM.

This tool will be presented tomorrow, on December 2 at 3:40 PM during the Yocto Project Virtual Summit 2025.12 during a talk titled sbom-cve-check: Lightweight Python tooling for out-of-build CVE analysis of SPDX3 SBOMs, presented by Bootlin engineers Benjamin Robin and Olivier Benjamin.

Continue reading “Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM”